inc/modules/sponsor/account.php

   1 <?php
   2 /************************************************************************
   3  * MXChange v0.2.1                                    Start: 09/30/2005 *
   4  * ===============                              Last change: 05/19/2008 *
   5  *                                                                      *
   6  * -------------------------------------------------------------------- *
   7  * File              : account.php                                      *
   8  * -------------------------------------------------------------------- *
   9  * Short description : Sponsor can manage his account                   *
  10  * -------------------------------------------------------------------- *
  11  * Kurzbeschreibung  : Der Sponsor kann sein Account verwalten          *
  12  * -------------------------------------------------------------------- *
  13  *                                                                      *
  14  * -------------------------------------------------------------------- *
  15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
  16  * For more information visit: http://www.mxchange.org                  *
  17  *                                                                      *
  18  * This program is free software. You can redistribute it and/or modify *
  19  * it under the terms of the GNU General Public License as published by *
  20  * the Free Software Foundation; either version 2 of the License.       *
  21  *                                                                      *
  22  * This program is distributed in the hope that it will be useful,      *
  23  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
  24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
  25  * GNU General Public License for more details.                         *
  26  *                                                                      *
  27  * You should have received a copy of the GNU General Public License    *
  28  * along with this program; if not, write to the Free Software          *
  29  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
  30  * MA  02110-1301  USA                                                  *
  31  ************************************************************************/
  32
  33 // Some security stuff...
  34 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
  35         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
  36         require($INC);
  37 } elseif ((!EXT_IS_ACTIVE("sponsor")) && (!IS_ADMIN())) {
  38         ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE);
  39         return;
  40 } elseif (!IS_SPONSOR()) {
  41         // No sponsor!
  42         ADD_FATAL(SPONSOR_ONLY_AREA_ENTERED);
  43         return;
  44 }
  45
  46 // Data for the formular
  47 $result = SQL_QUERY_ESC("SELECT company, position, tax_ident,
  48 gender, surname, family, street_nr1, street_nr2, zip, city, country,
  49 phone, fax, cell, email, url,
  50 status, receive_warnings
  51 FROM "._MYSQL_PREFIX."_sponsor_data
  52 WHERE id='%s' AND password='%s' LIMIT 1",
  53  array(bigintval($_COOKIE['sponsorid']), $_COOKIE['sponsorpass']), __FILE__, __LINE__);
  54 if (SQL_NUMROWS($result) == 1) {
  55         // Load sponsor data
  56         $content = SQL_FETCHARRAY($result);
  57         if ($content['status'] == "CONFIRMED") {
  58                 // Check if form was submitted or not
  59                 if (!empty($_POST['ok'])) {
  60                         // Check passwords
  61                         if (empty($_POST['pass_old'])) {
  62                                 // No current password entered
  63                                 $MSG = SPONSOR_NO_CURRENT_PASSWORD_ENTERED;
  64                         } elseif (md5($_POST['pass_old']) != $_COOKIE['sponsorpass']) {
  65                                 // Entered password didn't match password in DB
  66                                 $MSG = SPONSOR_CURRENT_PASSWORD_DIDNOT_MATCH_DB;
  67                         } elseif ((!empty($_POST['pass1'])) && (!empty($_POST['pass2'])) && ($_POST['pass1'] != $_POST['pass2'])) {
  68                                 // Both new passwords did not match
  69                                 $MSG = SPONSOR_BOTH_NEW_PASSWORDS_DIDNOT_MATCH;
  70                         } elseif ((empty($_POST['pass1'])) && (!empty($_POST['pass2']))) {
  71                                 // No password one entered
  72                                 $MSG = SPONSOR_PASSWORD_ONE_EMPTY;
  73                         } elseif ((!empty($_POST['pass1'])) && (empty($_POST['pass2']))) {
  74                                 // No password two entered
  75                                 $MSG = SPONSOR_PASSWORD_TWO_EMPTY;
  76                         } elseif ((!empty($_POST['pass1'])) && (strlen($_POST['pass1']) < $_CONFIG['pass_len'])) {
  77                                 // Too short password
  78                                 $MSG = SPONSOR_PASSWORD_TOO_SHORT_1.$_CONFIG['pass_len'].SPONSOR_PASSWORD_TOO_SHORT_2;
  79                         } else {
  80                                 // Default is we don't want to change password!
  81                                 $PASS_AND = ""; $PASS_DATA = "";
  82
  83                                 // Check if we want to change password or not
  84                                 if (($_POST['pass1'] == $_POST['pass2']) && (!empty($_POST['pass1'])) && ($_POST['pass1'] != $_POST['pass_old'])) {
  85                                         // Change current password
  86                                         $PASS_AND  = ", password='%s'";
  87                                         $PASS_DATA = md5($_POST['pass1']);
  88                                 }
  89
  90                                 // Unsecure data which we don't want here
  91                                 $UNSAFE = array('receive_warnings', 'warning_interval');
  92
  93                                 // Remove all (maybe spoofed) unsafe data from array
  94                                 foreach ($UNSAFE as $remove) {
  95                                         unset($_POST[$remove]);
  96                                 }
  97
  98                                 // Set last change timestamp
  99                                 $_POST['last_change'] = time();
 100
 101                                 // Save data
 102                                 $MSG = SPONSOR_SAVE_DATA($_POST, $content);
 103                         }
 104
 105                         if (!empty($MSG)) {
 106                                 // Output message
 107                                 $OUT = LOAD_TEMPLATE("admin_settings_saved", true, $MSG);
 108                         } else {
 109                                 // No message generated
 110                                 $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_NO_MESSAGE_GENERATED);
 111                         }
 112                 } else {
 113                         // Check for gender selection
 114                         switch ($content['gender'])
 115                         {
 116                         case "M": // Male
 117                                 define('__GENDER_M', " selected");
 118                                 define('__GENDER_F', "");
 119                                 define('__GENDER_C', "");
 120                                 break;
 121
 122                         case "F": // Female
 123                                 define('__GENDER_M', "");
 124                                 define('__GENDER_F', " selected");
 125                                 define('__GENDER_C', "");
 126                                 break;
 127
 128                         case "C": // Company
 129                                 define('__GENDER_M', "");
 130                                 define('__GENDER_F', "");
 131                                 define('__GENDER_C', " selected");
 132                                 break;
 133                         }
 134
 135                         // Output formular
 136                         $OUT = LOAD_TEMPLATE("sponsor_account_form", true, $content);
 137                 }
 138         } else {
 139                 // Locked or so?
 140                 $STATUS = SPONSOR_TRANSLATE_STATUS($content['status']);
 141                 $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_FAILED_1.$STATUS.SPONSOR_ACCOUNT_FAILED_2);
 142         }
 143 } else {
 144         // Sponsor account not found!
 145         $OUT = LOAD_TEMPLATE("admin_settings_saved", true, SPONSOR_ACCOUNT_404_1.$_COOKIE['sponsorid'].SPONSOR_ACCOUNT_404_2);
 146 }
 147
 148 // Free memory
 149 SQL_FREERESULT($result);
 150
 151 //
 152 ?>